Samy Kamkar is one of the most innovative and notorious computer hackers in the United States. He’s also a well-known whistleblower. If you want to learn how Samy hacks everything from online dating to car alarms, this episode is for you.

He is best known for creating the fastest spreading virus of all time, a MySpace worm named “Samy.” He got raided by the United States Secret Service for that one. More recently, he’s created SkyJack, a custom drone that hacks into any nearby drones, allowing him (or any operator) to control a swarm of devices; and Evercookie, which appeared in top-secret NSA documents revealed by Edward Snowden. He also discovered illicit mobile phone tracking by Apple iPhone, Google Android and Microsoft Windows Phone mobile devices.

His research and findings led to a series of class-action lawsuits against these companies and a privacy hearing on Capitol Hill.

Related and Recommended

The Tim Ferriss Showis one of the most popular podcasts in the world with over 500 million downloads. It has been selected for "Best of Apple Podcasts" three times, it is often the #1 interview podcast across all of Apple Podcasts, and it's been ranked #1 out of 400,000+ podcasts on many occasions. To listen to any of the past episodes for free, check out this page.

Comment Rules: Remember what Fonzie was like? Cool. That’s how we’re gonna
be — cool. Critical is fine, but if you’re rude, we’ll delete your stuff. Please do not put your URL in the comment text and please use your PERSONAL name or initials and not your business name, as the latter comes off like spam. Have fun and thanks for adding to the conversation! (Thanks to Brian Oberkirch for the inspiration.)

Yep. Vessel is free for 30 days (cancel anytime), and then I think it’s $2.99 per month after that. Pretty straightforward and another platform I’m hoping will help me (through advertising rev share greater than YouTube) earn back what I spent on the TV show so that I can do more.

In the dating episode of The Tim Ferriss experiment where he consulted on he was shown using 2 Mac laptops with OS X. I believe they were MacBook PROs, but I’m not sure. He also had two massive flat screen monitors which looked to be hooked up to his laptop, but it’s possible he also had a desktop computer hidden somewhere.

It’s possible though that they showed that over a Linux or *BSD interface in order not to confuse viewers. However on the website of his USBdriveby project he talks about at the beginning of the podcast he writes:

“While this example is on OS X, it is easily extendable to Windows and *nix.”

which suggests that at least for some projects OS X is considered the main OS.

OS X is quite convenient as it shares many of the basics of a *nix system, so for many purposes it is just as good as any Linux distribution, while retaining the positive aspects of the Apple eco-system.

Also most hackers use several operating systems in order to understand them and what kind of vulnerabilities they might have. I’m sure Samy has both Linux and Windows images at his disposal.

Thankyou to both of you, this was SO interesting. Mindblowing revelations on what goes on nowadays. Also when/if the Dating episode of Tim Ferriss show is available in the UK on iTunes will be a defo watch.

Good shout out for the book “Influence” We have a very spammy UPVC company called Everest in the UK. I remember getting a generic sales letter from them in the post and underlining every single one of the 7 “persuasion” principles from that book in this sales letter just after I read it. Those spammy sales letters often handcrafted and honed over the years often get binned immediately, but pure artform in persuasion ad copy in there often overlooked.

Loved this podcast so much 🙂 I’ve heard a few different people in Samy’s world speak (Pablos Holman, Kevin Mitnick, etc.), and I’m always fascinated by how supremely insecure our world actually is. For anyone interested in going down this rabbit hole of awesome: https://www.youtube.com/user/defconvidoes/videos

Fantastic interview. Sammy has an atypical personality for a hacker (set against public opinion). Such an enthusiastic and entertaining guy.

QOTD: My travel laptop has all usb inputs disabled until you get into the OS. There are other hoops to jump through to get into the OS. I also use a VPN.

Also…just had my first cup of coffee via the 4-hour chef method. Fucking god what have I been doing all this time! Such a pleasant experience. Inexpensive. I am sure I will get many “happiness hits” because of this one change. Thanks for all your info, Ferriss. It has led to a radically different life/business.

Tim, the iTunes link does not work for me (I’m in Europe). I understand you are having difficulties distributing here (hope you find a way soon), but maybe a heads-up would be nice because the link does not do anything, not even an error page…

Use a VPN. How it works, you connect to a Virtual Private Network (VPN) that gives you a USA IP address, and whola, you avoid any local restrictions. If you’re in a country with no free speech, or monitored access, you’ll have to get crafty (tor, vpn, different computers, never the same user id, or access accounts, run a browser on a USB… etc). Note: ITunes may phone back home so you may need to set up another ITunes account.

what an amazing interview – though it was clear towards the end that every drop of those two bottles were having an affect! I felt like I was allowed in on a fun and interesting private conversation. I stayed awake far too long to finish it. Just a note – the Tim Ferriss experiment isn’t available down under yet. Can wait to see the espisode discussed in this podcast.

I personally use an app called “PeerGaurdian” which blocks my ip and allows my computer to be a ghost online. This program is especially useful with torrent use. Also a common sense practice that is often overlooked, especially with males, is to not go to untrusted porn sites. This is one of the most common sources for malware and unwanted spam on your computer.

thanks daniel for the suggestion. i have indeed tried to *hack* myself into the US itunes store while using a VPN. unfortunately an itunes account, which is connected to a credit card, which is connected to a physical address, is only usable in one country based on that address. so i got a lovely apple message and got immediately switched back into the canadian store.

i also tried vessel.com through a VPN again, and thinking if i paid with paypal i might bypass the credit card address issue, but they don’t take paypal.

strangely- or not, there are those of us who would love to be able to get a transcript pdf of the podcasts. it’s faster and just my preferred way to absorb info. just a thought… keep up the fantastic work Tim!

I have used LastPass since its inception with incredible, reliable results. Further, I have asked/recommended/demanded that hundreds of my clients use it to simplify their businesses. Now, if only I can get my wife to implement. Oh well!!

Now that I have your attention – You two are absolute legends! 😀 Great episode, Thank you and keep it up! 😀

I’m a female & new to the Tinder world – so could really relate to the dating talk which just cracked me up.

I’m listening to Infected Mushroom as I type this and am going to put a post-it note on my laptop camera as soon as I get back to my room at the mining camp I live in. :/ Hopefully none of the guys up here are hackers!

Meditation, gratitude and finding/following happiness seem to be reoccurring themes among the successful. Which I love hearing & am incorporating into my own life with mind blowing results.

I’m on the edge of jumping out this rat race and into a world of permanent travel and adventure.

Thank you for your inspiration. I will get right to my point. I work at a hospital and have a rewarding job that gives me blocks of time off. I want more time. I am an entrapeneuer bursting at the seems. Please give advice and guidance to people who work nights and do a very important job. I can not work from home, I and many in my situation have a hard time getting a morning ritual. I am tired all the time. Please help us get out of the rut. I don’t know where to start!

Regarding TrueCrypt – I stopped using it a while ago and I now use BoxCryptor Classic instead. Still free, but the “container” is not a static size, and you can add as many files as you want to encrypt.

Also I would definitely recommend using FileVault for Mac and BitLocker for Windows, to encrypt all files on your drive.

And finally, I’m living in Romania now, and I think you should maybe say something nice about it as well, so people don’t get the impression that it’s only populated by hackers. Because, as you know, it’s not. 🙂

I am only half way through and I am totally fascinated. I know the basics of programming and although it has been a long time (over 10 years) since I took a programming (now coding) class I am inspired to pick it back up just for the fun of it.

I’m amazed at how much good content you’re putting out these days. As a result, I found myself giving you a stellar review of your new TV show BEFORE watching very much of it just to support what you’re doing (since I don’t normally pay for this content…).

I noticed that a fair # of people comment on things you put out before they get a chance to listen/watch them and I’d be interested to know what the motivations are. Are people just wanting to be in on a conversation or, like me, do they just want to support the good work you’re doing and offering up for free?

In any case- Awesome work on the podcast. It continues to be exciting to listen to.

Personally, I would leave out the online dating sites since that guys that I like are most likely not on there and instead implement OSINT (open source intel), interact a bit (but not too much – think of the game theory!), build up the interest, then finish off with a very good impression IRL. Preferably in a hotel, like the W.

There is too much noise on the big dating sites like OkCupid and even apps like Tinder. I’m not on Tinder but was on OkCupid (a semi-real profile) for a very short while and scrolling through all the profiles just makes my eyes blurry. There are however smaller sites that are more niche (think misstravel.com) where there is a smaller pool of men which may or may not work in the You-Look-Hot/Interesting-Chat ratio. I tried it for a day with a semi-fake profile but didn’t find it interesting enough.

It doesn’t matter -too- much. I’m in industries where there are a lot of really great guys to choose from (that’s not the reason why I’m in it btw) so more power to me. 🙂

Tim Tim, my friend, I have got to say that the shows with you enjoying the company of your friends over a few glasses of wine are the most exciting to listen to. Super happy that you finally introduced the Red Team to the 4H fan base. Side note, the inbetween-isodes with the authors reading their work is super inspirational as well. Thank you sir for doing us all this great service!

I’m a father of two young boys and I think every parent should listen to this interview and take notes.

Doing well in school is important, but Samy’s story shows the importance of giving kids the opportunity to tinker and play OUTSIDE of traditional education.

This guy could have stayed in school, gone to college, and been a nobody.

I know guys here in Chicago that went to University of Chicago and Northwestern (business and law school) and can’t stand their jobs. They work 60-70 hour weeks and are dead inside.

Yes, they do get better opportunities, but it’s a GRIND for a long time.

They’re 4 and 7 now, but I want my kids to start coding and build a business by the time they’re 10. Sure, I want them to do good in school. But I want them to have a side hustle… experience failure, and push the envelope at an early age.

Tony Hsieh’s parents understood the importance of buying a computer for him at a young age. If I recall the Inc. Magazine cover story about him a few years ago, he created his first business at a teenager.

Since you touched so many topics, it is nice to refer on one regarding passwords, hence the cut from J. Oliver / Snowden interview: https://youtu.be/yzGzB-yYKcc – it sounds a bit funny, but the man really makes the point here.

For those in love in electronic music, great advice from Samy on Infected Mushroom (check out this live performance: https://youtu.be/sYsgfm8Thmk)

I rarely listen to podcasts, but I listened to every last minute of this one. It was interesting, entertaining, and a little scary giving my conspiracy theory paranoia a huge meal. Thanks for this truly excellent podcast!

Hi Tim. Great episode I truly enjoyed it. I laughed my butt off listening to Samy. I also want to let you know that I went to buy the Mizzen+May shirts you recommend using your code and I got this message “this discount has reached its usage limit”

Thanks for this, it was interesting to hear his approach to problem solving and how he uses a lot of code. I can not help thinking he had a hard path in life and what an asset he would be, working for the FBI.

Surely these people of talent should be out there defending us against the wicked ?

Very entertaining to hear you two giggling away and slurring your speech ha! I appreciated Samys humility and wish to be honest and not hurt anyone. I’ve been too nervous to listen to most guests cos I can’t stomach the potential chest beating talk of how rich and fabulous they are. I don’t dig exploitation and i associate that with The Market and uber wealth, rightly or wrongly. Anyway lot of controversy about TrueCrypt- the message on website advised switching to Bitlocker which everyones knows is nsa broken was thata clue that Truecrypt is really okay? SelfDestructing Cookies beats evercookie but if you set Firefox to protect against known forgeries, a google cookie will live in your browser perpetually bypassing detection! Delete the cookie and uncheck that reporting option. We didn’t get to hear the silk road story! Samys site crashed my phone-the too clever accelerometer graphics not so easy to use-took me ages to figure out what was going on. Amazed Tim needs to have a housemate, as a dream home owner- and ne eds to use online dating! Tim you must meet interesting people all the time?! Anyway you both seem like really nice lovely people and this was an enjoyable listen thankyou. Samys really helping a lot of people and being unique and individual. Love from Queensland Australia

Theres a great TED talk between Jacob Applebaum and Ed Snowden which is very insightful. I recommend looking up interviews with each of them to learn more about staying secure. Don’t confuse privacy and anonymity. I usr Adblock Plus and Ghostery ( Disconnect is better but not free anymore) to bloxk corporate tracking. I keep bluetooth, wi fi & sharing capacity & visibility turned off. Malwarebytes is considered the best malware scanner-and its free. I have heard point of sale terminals are insecure, no encryption nor fibre optic-just an open line. Dont use pay wave! I have a chip-less atm card i applied for specially . why on earth did they make those chip cards when they are MORE vulnerable! Does anyone know how to prevent people randomly scanning your card in public as Tim says Pablo did with his magic wand?

In the podcast you mentioned you would link to his google docs page for his current software toolset. I didn’t see it on his site, any help? GREAT INTERVIEW – renewed my passion for coding and “experimenting”

3) When a user selects those settings, the google.com PREF cookie will reinstall in the browser after the user removes the PREF cookie.

4) Quit and close Firefox. This is a necessary step. Otherwise the remaining steps will fail to prevent the google.com PREF cookie from reinstalling in your browser after you remove the cookie.

5) Open ~/Library/Application Support/Firefox/Profiles/[current Firefox profile folder name such as 9skvsz0g.default-1402623486951, or whatever is the folder name]/cookies.sqlite

6) Drag the “cookies.sqlite” file to the Trash folder. Every conventional cookie in your browser is in that file. You will lose all of those cookies until such time your browser installs them again, except the google.com PREF cookie will not return.

7) Restart Firefox.

8) Firefox automatically will generate in the Profile Folder a new “cookies.sqlite” file in place of the file you put in the Trash folder. The file will not contain the PREF cookie.

9) Before you delete the “cookie.sqlite” file that is in the Trash folder, you can prove that the “cookie.sqlite” file contains the google.com PREF cookie.

10) All *.sqlite files are text files. Right click the “cookies.sqlite” file that is the the Trash folder and chose “Open with TextEdit.app” or any other text editor application.

11) Read the text in the “cookies.sqlite” file.

12) The text “google.com PREFID” will be present somewhere in the long list of characters in the file.

13) The new “cookies.sqlite” file that replaced the offending file will not have the google.com PREF cookie in it.

14) The google.com PREF cookie will not return to the “cookies.sqlite” file unless you select “Block reported attack site” and “Block reported web forgeries” in Firefox/Preferences/Security.

iMacros plugin works wonders for automating tasks on the web. You can even use it for mundane processes like online dating messaging. Of course a little javascript background will help expand the functionality.

Tim, This was a great podcast – thoroughly enjoyed it. I’ve done some coding to extract web site data and put into Excel for analysis, and may be able to help out with your project. Email me if you are interested and I can send you a sample of what I do – I assume you have access to the email address with this comment.

There were some links mentioned in the podcast, about tools Samy uses that I thought you said you were going to include in the show notes. I must be missing something since I can’t seem to see these links on this page.

It would be interesting to use a combination of Machine Vision and Neural network algorithms to get a computer to learn what you find attraction, and then swipe on tinder for you on automation to girls it thinks you would find attractive.

Loved the episode (“Dating Game”). Found it really fascinating considering I’m currently dealing with similar challenges in the dating field.

That being said, there’s a lot of good pick up information for men and how “the game” goes, but how would Neil advise the modern woman? If I ever approach a man (which isn’t often) it’s done in a very similar manner (based off of curiosity, not a psychological algorithm, but I suppose it all comes from the same place. Not to say that’s not at play, but it’s not my personal focal point).

I’d love to know how to navigate the dating game if the odds are stacked against you and how the intimidation factor can come to play (ie. young twenty something woman, self employed, lots of free time, outgoing, active, always learning, my looks won’t blind you that’s for sure, but I have my days…haha!). Think, if Tim were a lovely young woman how would she go about this? Considering the character of your person is the same in this hypothetical situation, how would things be different, if so?

Also Samy talks about hiring someone to program and filter the online dating field. Although it sounds simple enough, it seems very unlikely, unless he or someone else has already created a program to do that (other than the obvious one for his personal use). I’d definitely pay for that!

I am attempting to recreate what Samy did with his match profile, but I am having trouble. Where can I find more detailed information on how to do this? Is there anywhere to find further quantitative research that can improve results in the online dating game?

Does anyone know any online dating gurus that have already figured this stuff out?

This was an excellent show. I read future crimes based on Peter Diamandis’ recommendation in an earlier episode, and it was a great primer for this episode. I am fascinated at how the internet still really is the wild west, and until we change the incentive structure for software engineers to put out better code, security threats are going to become more of a problem each day.

Self Destructing Cookies is a wonderful ad on – the detailed instructions someone provided in these comments, for additionally removing the google PREF cookie manually, is not necessary anymore – it appears SDC updated their software. Phew.

Ed Snowden in an interview recently provided 4 ways one can radically improve security on their computer. 1. Stay away from google and facebook, they are ‘dangerous’ 2. Use an anti tracking/anti cookie browser ad on.

(I find Ghostery to be effective and easy, and doesn’t break sites. It also lets me access content it would otherwise block by providing a overlay) 3. Encrypt your entire hard drive and phone. Also use end to end encryption for email.

4. Stay far away from Drop Box. Use a privacy-respecting service like Spider Oak (thats the one he mentioned)

Elsewhere he has advoccated using a really strong password as essential.

an offline password manager is an excellent idea, Key Pass is considered to be the best of the best. it’s free

Lifehacker recently did an independent survey/study and found Avast to be the best Anti Virus and Malwarebytes to be the best anti malware. They both happen to be free (with paid premium versions available)

Electronic Frontier Foundation, The Guardian Project, Reset The Net and the website called ‘My Shadow’ are excellent public services to support your privacy and security and educate oneself ‘

Do some study before you get into something. Open DNS and Unseen were two companies that seemed really, really appealing for security and privacy, a bit more reading by tech geeks in forums (thankyou) made it clear they were absolutely not walking the talk.

i’m not involved with any of these I’ve just found them all to be extremely helpful supportive tools and advice

Tim, the comment you made about drone pilots thinking they are playing a first person shooter is incredibly ignorant and condescending. There is a massive difference b/w playing video games and serving as a professional in the armed forces.

Morally and ethically speaking, slitting someone’s throat as you look into their eyes fading is the exact same outcome as pushing a button and watching it on screen.

Hi Tim, I just watched the episode and thought you nailed both the strategies for finding love in the modern age / the right approach to first interact with potential dates: at your own, curated party where you can see them and they can see you in a more contextual light. I’m doing a podcast episode about Tinder and was curious if any of the people you met at that party turned into a longer term relationship? And if that didn’t happen, did the episode help you in your dating life afterwards? Thank you so much for your time and life lessons.

Hi Tim / staff – I was actually just watching the Tim Ferriss Experiment about dating and you were with Neil Strauss (among other experts) picking up all kinds of great tips about how to increase your results in the right way, with dating. I am a single female in Los Angeles, and I would love, love, LOVE if you did a podcast episode with a female leader in dating breakthroughs for women. Is there a female version of “the game?” Its so incredibly hard for us out there too, and I would love to hear an expert advice. For your female listener base, this would be huge! Love your show, and thank you!